Mailer Daemon and Mail Delivery Subsystem errors explained (and how to fix them)
What a Mailer Daemon or Mail Delivery Subsystem bounce-back means, the common reasons an email fails to deliver, how to read the SMTP status code in the message, step-by-step fixes for each cause, Gmail and Yahoo specifics, and what bounces that arrive for mail you never sent are telling you.

A Mailer Daemon is the automated program on a mail server that sends a bounce-back message when an email cannot be delivered. The message arrives from a sender like "Mail Delivery Subsystem" or "Mailer-Daemon", it usually carries a subject such as "Delivery Status Notification (Failure)", and it means one specific email did not reach its recipient. The useful part is the status code buried in the body, which names why the message failed and whether the address is dead for good or just temporarily unreachable.
What is a mailer daemon?
A mailer daemon is a background program on a mail server that handles the delivery of outgoing email and reports back when a delivery fails. The word "daemon" is a long-standing computing term for a process that runs unattended in the background, waiting to act when it is needed. When an email cannot be delivered, the daemon is the part of the server that generates the automated reply explaining what went wrong.
That automated reply is the message most people mean when they say "I got a mailer daemon email". It is a bounce, formally a non-delivery report, and it is sent to the original sender, not to the intended recipient. Receiving one is normal and routine: it is simply the mail system telling the sender that a particular message did not arrive, the same way a returned letter comes back with a stamp explaining why.
Crucially, a mailer daemon message is a symptom report, not a problem in itself. The bounce is the messenger; the cause is somewhere in the address, the recipient's server, or the sending setup. The rest of this article is about reading that report and acting on what it says.
"Mail Delivery Subsystem" and other names for the same thing
The exact name on the bounce depends on which mail system rejected the message, which is why the same event shows up under several different senders. "Mail Delivery Subsystem" is simply Gmail's name for its mailer daemon, and the other major providers each have their own label for the identical function. Recognizing them avoids the worry that a strange new sender has appeared.
- Mail Delivery Subsystem is what Gmail and Google Workspace call it. The bounce
arrives from the address
mailer-daemon@googlemail.comwith that display name. - Mailer-Daemon is the traditional Unix and sendmail name, still used by many
mail servers. The address is typically
MAILER-DAEMON@followed by the server's hostname. - Yahoo and Outlook use their own variants. A Yahoo bounce comes from a Yahoo mailer-daemon address, and Microsoft systems label the failure a non-delivery report, or NDR.
All of these are the same mechanism with different branding. Whatever the sender name, the message is an automated delivery failure for one specific email, and the part that actually matters is the reason and the status code inside it, which work the same way across every provider.
Why you got the error: common causes
Most bounces trace back to a short list of causes, and the bounce itself names which one applies. The single most common reason is a recipient address that does not exist, usually a typo or an old address that has since been closed. The others range from problems on the recipient's side to issues with how the message was sent.
- Wrong or nonexistent address. The address is misspelled, or the mailbox was deleted. The recipient's server has nowhere to put the message, so it rejects it permanently.
- Full mailbox. The recipient is over their storage quota and cannot accept new mail until space is freed. This is temporary, and the message may go through on a later attempt.
- Blocked or filtered as spam. The receiving server decided the message looked unwanted, either from its content or from the sender's reputation, and refused it.
- Failed authentication. The sending domain is missing or failing SPF, DKIM, or DMARC, so the receiver cannot confirm the mail is genuine and rejects it, increasingly the rule for bulk senders.
- Message too large. The email, including attachments, exceeds the recipient server's per-message size limit.
- Recipient server unavailable. The receiving server is down, unreachable, or deferring mail because of load. This is temporary and usually resolves on its own.
Two of these (the full mailbox and the unavailable server) are temporary and often clear without any action. The rest need a fix on the sending side, whether that is correcting the address or repairing authentication, which is what the status code helps pin down.
How to read a bounce message
A bounce looks intimidating because it includes technical headers, but the useful part is small and always in the same place. A bounce is a delivery status notification, and it carries three things that matter: the address that failed, a plain-English reason line, and a numeric status code that classifies the failure precisely. Find those three and the rest of the message is noise.
The first thing to read off the code is whether the failure is permanent or temporary, because that determines whether action is even needed. A code starting with 5 is a hard bounce, a permanent failure; a code starting with 4 is a soft bounce, a temporary one. A hard bounce will not succeed on retry and points to something that must be fixed, while a soft bounce often resolves on its own.
Each failure carries two codes side by side: a three-digit SMTP code such as 550, and
a more precise enhanced status code such as 5.1.1 in a class.subject.detail form. The enhanced code is the one that tells you the actual cause. These are the codes
that show up most often in a real bounce.
| Code | Type | What it means |
|---|---|---|
| 550 5.1.1 | Hard | The recipient address does not exist (user unknown). Usually a typo or a closed mailbox. |
| 550 5.7.1 | Hard | The message was blocked by policy: refused as spam, relay denied, or sender not allowed. |
| 550 5.7.26 | Hard | Authentication failed. The message did not pass SPF or DKIM and was rejected (Gmail). |
| 552 5.2.2 | Hard | The recipient mailbox is full and over its quota. |
| 552 5.3.4 | Hard | The message is larger than the recipient server's size limit. |
| 452 4.2.2 | Soft | The mailbox is temporarily full. The message may deliver on a later attempt. |
| 421 4.7.0 | Soft | The message was temporarily deferred, often for volume or reputation. Retried automatically. |
Alongside the code, the bounce includes a human-readable line that often restates the cause in plain words, such as "The email account that you tried to reach does not exist." When the code and the reason line disagree or look unfamiliar, trust the enhanced status code: it is defined by a standard and means the same thing on every server, while the wording is whatever the receiving administrator chose to write.
How to fix it
The fix follows directly from the cause the code identified, and most are quick. Match the bounce to one of these and act on that line; there is no need to work through the whole list.
- Wrong address (550 5.1.1). Check the address character by character for a typo, confirm it with the recipient through another channel, and resend to the corrected address. If it was right and still bounces, the mailbox has likely been closed.
- Full mailbox (552 5.2.2 or 452 4.2.2). Wait and resend later, since only the recipient can clear space. A 4xx version of this often clears on its own without a second attempt.
- Blocked as spam (550 5.7.1). Read the reason line for a blocklist URL or a policy reference, remove anything that reads as promotional from a one-to-one message, and check whether the sending domain or IP appears on a public blocklist.
- Authentication failure (550 5.7.26). Set up SPF, DKIM, and DMARC on the sending domain so the receiver can verify the mail is genuine. This is the fix for mail sent from a custom domain or an application, covered in the prevention section below.
- Message too large (552 5.3.4). Remove or shrink attachments and send large files as a link instead. The attachment size limits by provider cover the real ceilings, which are lower than they look.
- Temporary deferral (421 4.7.0). Do nothing. A well-behaved mail server retries a 4xx failure automatically over the following hours, and the message usually goes through.
Gmail and Yahoo specifics
Gmail and Yahoo behave like every other mail system but use their own sender names and error codes, and both tightened their rules for bulk senders in 2024. A Gmail bounce comes from "Mail Delivery Subsystem", and a Yahoo bounce from a Yahoo mailer-daemon address, but the codes inside follow the same standard described above.
The change worth knowing is the authentication requirement. Since early 2024, Gmail and
Yahoo require senders of roughly 5,000 or more messages a day to set up SPF, DKIM, and DMARC,
offer one-click unsubscribe, and keep their spam-complaint rate under 0.3%. Mail from a high-volume
sender that skips authentication now bounces with Gmail's 550 5.7.26 rather than
landing in spam, so the failure is loud instead of silent.
Both providers also defer mail temporarily when they see an unusual volume or a reputation
problem, each with its own code. Gmail uses 421 4.7.28 for rate-limited mail,
and Yahoo uses 421 4.7.0 for the same kind of volume-based deferral. These
are soft, temporary failures rather than rejections, and they are a signal to slow down and check
sender reputation rather than to keep retrying harder.
Bounces for mail you didn't send
A mailer daemon message for an email you have no memory of sending is alarming, but it usually has a mundane explanation. A spammer forged your address as the sender, the message bounced, and the bounce came back to the real owner of the address: you. This is called backscatter, and it does not mean your account was accessed or your password is compromised.
The reason it is possible is that the basic email protocol lets anyone put any address in the "From" field, the same way a paper envelope can carry any return address. A sudden burst of bounces for mail you never sent is a sign your domain is being spoofed, not breached. Changing the password does nothing, because the password was never involved.
The real defense is authentication on the domain. A DMARC policy tells receiving servers to reject mail that forges your address, which cuts off the spoofing at the source and stops the backscatter along with it. For how the three records fit together and how to deploy them safely, see SPF, DKIM, and DMARC explained for developers.
How to prevent bounces at scale
A one-off bounce to a mistyped address needs nothing more than a correction, but an application sending thousands of messages needs to prevent and handle bounces systematically. Three things keep delivery healthy at volume: proper authentication, a clean recipient list, and active monitoring of failures.
- Authenticate the sending domain. SPF, DKIM, and DMARC are what stop the authentication bounces and the spoofing behind backscatter, and they are now required by Gmail and Yahoo for bulk mail. They are the highest-leverage fix.
- Suppress hard bounces automatically. A permanent failure means the address is dead, so sending to it again is a strong spam signal. Remove every hard-bounced address on the first failure and never retry it.
- Monitor bounce and complaint rates. A rising hard-bounce rate points to a list-quality problem, and catching it early prevents the reputation damage that turns into more bounces. The email deliverability checklist covers the thresholds to watch.
FAQ
What is a mailer daemon?
Why do I keep getting Mail Delivery Subsystem emails?
Is a mailer daemon email spam or a virus?
What does mailer-daemon@yahoo.com mean?
How do I stop mailer daemon messages?
What is the difference between a hard bounce and a soft bounce?
Bottom line
A mailer daemon or Mail Delivery Subsystem message is a mail server reporting that one email could not be delivered, and the fix follows from the code it carries. Read whether it is a 5xx permanent failure or a 4xx temporary one, find the cause in the enhanced status code, and act on that single line: correct the address, wait out the deferral, or repair authentication.
For a single mistyped address that is the whole job, but an application sending at volume avoids most of these errors by authenticating its domain, suppressing dead addresses, and watching its bounce rate. Lettr does that automatically: domains are authenticated at setup, hard bounces are suppressed, and every failure arrives with its reason and code through webhooks. Create a free account, or read the deliverability tooling to see how it handles bounces at scale.